EzDevInfo.com

exchange-2010 interview questions

Top exchange-2010 frequently asked interview questions

Exchange 2010 Powershell command to check if an email address exists in the system

I'm looking for an Exchange 2010 command that would do the following:

  1. Given an email address (fully-qualified with domain and all) check if the email address is associated to some mailbox or group in the system;
  2. (Ideally) show which entity owns that email address

This would be very helpful for me to check my migration and make sure all of our aliases were moved correctly.


Source: (StackOverflow)

Schedule/queue large e-mails in Exchange 2010, defer until latency drops

My challenge

We have Exchange servers at various sites, but also aboard ships. The ships are connected to our network through satellite links when at sea, but switch to WiFi bridges when in port.

Due to the high latency (500+ ms) and not-uncommon drop-outs (e.g. when the ships are turning), attempting to send any e-mails above a few megabytes while at sea is likely to fail and be retried until the limit has been reached. The result: The email doesn't get delivered and each try consumes valuable bandwidth on the sat link.

One "solution" is to limit the maximum e-mail size to say 5 MB, but that's hardly user friendly and an unnecessary restriction while in port.

Rough idea

What I'd rather do, is to queue all e-mails larger than a set limit for later delivery when at sea, while sending all small e-mails immediately. I was then thinking I'd ping the hub transport server in our datacenter regularly, when latency drops under ~400 ms, I'd start processing the large e-mails queue. When latency goes up over 400 ms, I'd plug the hole and let e-mails queue up again.

Now, I haven't gotten my hands really dirty with Exchange since version 2003. Back then, you could schedule large e-mails for later delivery, so my idea was to do something similar in Exchange 2010, then script a way to switch the delivery schedule for large e-mails between 'always' and 'never'.

Obstacle

It shouldn't be too complicated to create a script like that, but then I read that the feature I'd rely on was removed with Exchange 2007:

This was a feature present in Exchange 2003 but has been removed for Exchange 2007. It was set on an SMTP Connector with the 'use different delivery times for oversize messages'.

TechCenter: Is it possible to schedule email delivery based on size in Exchange?

Questions

Is it true? - Is this feature no longer present in Exchange 2010, or has it merely transformed into something similar, I can use to accomplish my goal? If so, what?

Is there another way to defer delivery of large e-mails on certain Exchange servers? It could be based on a schedule or maybe even requiring specific action - I'm fairly certain there will be some way to trigger the delivery through script, I just need large e-mails in a separate queue on ships.

Your thoughts on this will be highly appreciated! :-)

Edit #1: Refined Rough Idea

I stumbled upon two PowerShell cmdlets I think can bring me pretty close to my goal:

I toyed around with Get-Message for a while, to see what kind of messages the commands above would deal with.

Most importantly, these commands accept a message size filter. This command will list queued messages, on the current server, larger than 5 MB (5,242,880 bytes):

get-message -Filter {Size -gt 5242880}

It seems Get-Message only returns messages from various remote delivery queues. But do messages flowing within the server, however briefly, show up in a queue that Get/Suspend/Resume-Message will mess with?

If not, the solution could be as simple as a scheduled script every few minutes, along the lines of (in pseudo code):

if ping_rtt > 400 Then
    Suspend-Message -Filter {Size -gt 5242880}
Else
    Resume-Message
EndIf

Concerns/follow-up questions:

Mostly irrelevant now - see edit #2.

Will Get-Message only return messages from remote delivery queues - never messages for intra-server delivery? If not, does the identity name of remote delivery queues follow a certain pattern, that I can use for filtering?

Could/should this be done via a custom Transport Agent (as suggested by @longneck) or an Event Sink (if this concept still exists in Exchange 2010)?

Say I run the script every 5 minutes, that still means large messages being sent, can potentially cause problems for up to 5 minutes, before getting suspended. We'd still be better off than we are now, but it's not optimal. I could increase the frequency to every minute, but it wouldn't be the most elegant solution.

Even if I only check round-trip time every 5 minutes (to save sat traffic), what Exchange mechanism would I need to set up, in order to check against the last recorded RTT, each time a message is submitted that goes to a remote delivery queue, and then take appropriate action?

Edit #2: Proposed Solutions

Allow me to summarise the proposed solutions, and their pros and cons as I see it:

Custom Transport Agent

Concept

  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • Through a custom Transport Agent, suspend/resume all e-mails larger than a set threshold, when latency classification changes
  • Through the custom TA, immediately put subsequently submitted large messages in "suspend" mode, if latency is high

Strengths

  • Large e-mails are never attempted delivered when latency is high

Weaknesses

  • No development skills to make this in-house (note to self: source code should belong to my company as part of the contract with the external developer)
  • 3rd party software that ties into Exchange can cause problems when patching or updating
  • Some sort of support agreement necessary, in case something goes wrong (see above)

Moderate Large Messages

Concept

  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • Based on latency classification, configure Exchange Transport Rules through scripting, to either let all messages flow or forward large messages to moderator
  • Approve messages in moderator queue when ship's in port, possibly by a human

Strengths

  • Large e-mails are never attempted delivered when latency is high
  • Messages are suspended using native Exchange Transport Rules

Weaknesses

  • By the looks of it, messages can not be approved programmatically when latency is low, hence human intervention is required each time ship's in port
  • Possibly privacy issues, if moderation is not handled programmatically

Questions

  • Can messages be approved programmatically from moderator mailbox? How?

Scheduled PowerShell commands

Concept

  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • As long as latency is high, frequently (every minute?) suspend any large messages (Suspend-Message -Filter {Size -gt 5242880})
  • When latency drops to low, resume all messages (Resume-Message)

Strengths

  • Very simple to implement

Weaknesses

  • Not the most elegant solution
  • Delivery of each new large message can be attempted for as long as the interval between Suspend-Message commands, possibly still wasting some bandwidth and creating congestion (though very briefly compared to not doing anything)

Questions

  • Any ideas on how to prevent attempts to deliver large messages, in-between Suspend-Message commands?
  • Will Get-Message only return messages from remote delivery queues - never messages for intra-server delivery? If not, does the identity name of remote delivery queues follow a certain pattern, that I can use for filtering?

Edit #3: The Way Forward

After bringing the proposed solutions up in my team (including the SMTP proxy, which I failed to include in edit #2), and based on my own gut feeling, we decided to go for a custom Exchange Transport Agent.

I'm in contact with a couple of consultancy companies, who will get back to me with how they will attack the problem and what it would cost.

If you have any experience with outsourcing programming tasks, feel free to leave feedback to my related question on Stack Overflow, because I don't.


Source: (StackOverflow)
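
The "Scheduled PowerShell commands" option summarised in the post above, written out as an added example (not part of the original post). The host name `hub.datacenter.example` is a placeholder, the thresholds are the post's 400 ms and 5 MB, and the resume step is narrowed to suspended messages over the size limit instead of the post's bare Resume-Message.

```powershell
# Added example, not from the original post. Intended to run in the Exchange
# Management Shell on the ship's Hub Transport server from a scheduled task.
$HubHost    = 'hub.datacenter.example'   # placeholder for the datacenter hub transport server
$RttLimitMs = 400                        # latency threshold named in the post
$SizeLimit  = 5242880                    # 5 MB, same value as the post's Get-Message filter

function Get-LinkState {
    param([string]$ComputerName, [int]$LimitMs, [int]$Count = 4)

    # Test-Connection emits one reply object per successful ping; lost pings
    # only raise non-terminating errors, so a short result means drop-outs.
    $replies = @(Test-Connection -ComputerName $ComputerName -Count $Count -ErrorAction SilentlyContinue)
    if ($replies.Count -lt $Count) { return 'High' }   # treat any drop-out as a bad link

    $avg = ($replies | Measure-Object -Property ResponseTime -Average).Average
    if ($avg -gt $LimitMs) { 'High' } else { 'Low' }
}

$state = Get-LinkState -ComputerName $HubHost -LimitMs $RttLimitMs

if ($state -eq 'High') {
    # Hold every queued message above the size limit.
    Suspend-Message -Filter "Size -gt $SizeLimit" -Confirm:$false
}
else {
    # Release only what this script would have held: large and currently suspended.
    Resume-Message -Filter "Size -gt $SizeLimit -and Status -eq 'Suspended'" -Confirm:$false
}
```

A large message submitted between two runs can still be attempted once before the next Suspend-Message pass, which is the weakness the post already lists for this option.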


how to disable remote wipe for Exchange 2010 ActiveSync?

When connecting Android mobile devices to Exchange ActiveSync some require granting device administrator privileges which permit an Exchange administrator to remotely wipe the phone. The warning messages are scaring some mobile users and turning them away from using Exchange ActiveSync altogether.

How can I disable this functionality on Exchange Server 2010? [security breaches are not an issue here]


Source: (StackOverflow)

Domain rename with Exchange 2010

I have taken over all IT responsibilities for a company that is using Active Directory (2008 R2 native level) and Exchange 2010. I have come to find out that their internal Active Directory domain name is the same as an external internet domain name that they do not own. I understand that domain rename with Exchange 2010 / server 2008 r2 is not possible as far as I have read. Could someone help me to realize what other options may be available to me? They have quite a large infrastructure so moving to a new forest would be a massive job I would like to try to avoid if possible.

Thank you in advance for your help.


Source: (StackOverflow)

Exchange 2010 and Outlook 2010 requesting password every time it starts

I have one Exchange 2010 server which is fully updated, the clients are running Outlook 2010 but some users are getting a prompt for credentials every time they open Outlook.

I have checked for common errors like the checked box Always request authentication.

I think this happens only with new users that are created in AD and in Exchange and I can't do gpupdate - could that be related?


Source: (StackOverflow)

Updating to Exchange 2013 - any way to do it now?

Exchange 2013 is out, available for some people already. Got it from the VLC Center, now trying to get an upgrade path that works for some customers.

Problem:

  • There is no upgrade. It is "install on new Server, move mailboxes". This means coexistence with Exchange 2010 for the time to move the Mailbox.
  • Sadly the only compatible Exchange is Exchange 2010 Sp3 - which is not going to be out for quite some time.

Any way to still do an update? Backup, restore to new Server? Any beta of the SP that is good enough to ONLY move the mailboxes? I do not care about the rest - this really is "install Exchange 2013, move mailboxes, UNINSTALL 2010".

I am quite - ah - unhappy that at the end the only ones who will be able to install 2013 are new companies right now.


Source: (StackOverflow)

Can Exchange 2010 high availability be achieved with only 2 servers?

In Exchange 2010, you can define Database Availability Groups and have your mailbox database(s) automatically replicated between multiple servers, and you can have mailbox server which are members of a DAG also host other server roles, such as Hub Transport and/or Client Access (which wasn't possible with Exchange 2007).

But can you define an array of Client Access Servers on the same two servers which are members of a DAG? The documentation I've found states quite clearly that you can't use NLB with DAGs due to incompatibilities with the cluster service... or, that you can try to set it up, but it would be an unsupported scenario.

What about using a hardware load balancer? Or a reverse proxy which can publish multiple internal servers on the same external URL (such as ISA)? If NLB is not used on the two servers and another balancing solution is implemented, can then full high availability of all main Exchange services (Mailbox, Hub, CAS) be achieved with only two servers?


Source: (StackOverflow)

Restored 2 day old Microsoft Exchange - lost one month of entries

I have a strange situation. On the weekend our Exchange 2010 system got fried, so I pulled out the backup from Friday 12/12/2014 and restored it.

Now when our users reconnect to their mailboxes, whether via Outlook or their phones, they don't see anything after 18/11/2014. I watched the content disappear with my own eyes. One moment it was there, the next, bam - gone. Almost a month of data is gone from their devices. Emails, appointments, etc. Everyone's Outlook is running in Cached mode - I have no idea what the devices themselves do (some are iPhones, some are Android).

However: If I log into the web interface, everything is intact. I can see entries right up to when the backup was taken.

What's going on? Will the users' Outlooks eventually sort themselves out? New content (inbound emails) is appearing correctly in the mailbox.

Right now I've just advised our users to get onto their webmail.


Source: (StackOverflow)

Two emails receiving the same Message ID

A user is experiencing a problem whereby when sending emails, some emails are being allocated the same Message ID. The issue looks to occur when the user has a draft email and they forward the draft to one person, and then later send the draft to another person.

I have done an email trace in Exchange, searching only on Message ID and Exchange is returning the two emails.

Our environment is Outlook 2010 SP1, Exchange 2010 + Exchange 2007, our users run in Outlook Cache Mode.

I have done some research and from what I have read it is the client which generates the Message ID, is this correct?

Is anyone aware of any known issues with two different emails receiving the same Message ID? Does anyone have any knowledge on how this could occur and what we can do to resolve this?

The latest example emails were sent just over 1 hour apart (1 hour, 1 minute), have the same subject, Message ID, sender, but different recipients and message body (only slightly).


Source: (StackOverflow)

Single-Signon options for Exchange 2010

We're working on a project to migrate employee email from Unix/open-source (courier IMAP, exim, squirrelmail, etc) to Exchange 2010, and trying to figure out options for single-signon for Outlook Web Access. So far all the options I've found are very ugly and "unsupportable", and may simply not work with Forefront.

We already have JA-SIG CAS for token-based single-signon and Shibboleth for SAML. Users are directed to a simple in-house portal (a Perl CGI, really) that they use to sign in to most stuff. We have an HA OpenLDAP cluster that's already synchronized against another AD domain and will be synchronized with the AD domain Exchange will be using. CAS authenticates against LDAP. The portal authenticates against CAS. Shibboleth authenticates with CAS but pulls additional data from LDAP. We're moving in the direction of having web services authenticate against CAS or Shibboleth. (Students are already on SAML/Shibboleth authenticated Google Apps for Education)

With Squirrelmail we have a horrible hack linked to from that portal page that authenticates against CAS, gets your original plaintext password (yes, I know, evil), and gives you an HTTP form pre-filled with all the necessary squirrelmail login details with JavaScript onLoad stuff to immediately submit the form.

Trying to find out exactly what is possible with Exchange/OWA seems to be difficult. "CAS" is both the acronym for our single-signon server and an Exchange component. From what I've been able to tell there's an addon for Exchange that does SAML, but only for federating things like free/busy calendar info, not authenticating users. Plus it costs additional money so there's no way to experiment with it to see if it can be coaxed into doing what we want.

Our plans for the Exchange cluster involve Forefront Threat Management Gateway (the new ISA) in the DMZ front-ending the CAS servers.

So, the real question: Has anybody managed to make Exchange authenticate with CAS (token-based single-signon) or SAML, or with something I can reasonably likely make authenticate with one of those (such as anything that will accept apache's authentication)? With Forefront?

Failing that, anybody have some tips on convincing OWA Forms Based Authentication (FBA) into letting us somehow "pre-login" the user? (log in as them and pass back cookies to the user, or giving the user a pre-filled form that autosubmits like we do with squirrelmail). This is the least-favorite option for a number of reasons, but it would (just barely) satisfy our requirements. From what I hear from the guy implementing Forefront, we may have to set OWA to basic authentication and do forms in Forefront for authentication, so it's possible this isn't even possible.

I did find CasOwa, but it only mentions Exchange 2007, looks kinda scary, and as near as I can tell is mostly the same OWA FBA hack I was considering slightly more integrated with the CAS server. It also didn't look like many people had had much success with it. And it may not work with Forefront.

There's also "CASifying Outlook Web Access 2", but that one scares me, too, and involves setting up a complex proxy config, which seems more likely to break. And, again, doesn't look like it would work with Forefront.

Am I missing something with Exchange SAML (OWA Federated whatchamacallit) where it is possible to configure to do user authentication and not just free/busy access authorization?


Source: (StackOverflow)

Can't give 'send-as' permissions in Exchange 2010

I'm trying to give 'send-as' permissions to one user in Exchange 2010. Here is the Powershell command I'm running:

Add-ADPermission "User1" -User "Ourdomain\User2" -Extendedrights "Send As"

Powershell returns this error:

Active Directory operation failed on DC.OurDomain.pri. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : EDBB94A3,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

I've tried multiple alternatives to the Powershell command - i.e. using -Identity etc., but that and the EMC wizard all return the same error.

I'm not sure if the "INSUFF_ACCESS_RIGHTS" is referring to me who is running the command or the user I'm giving the send-as rights to?

I've been following the Microsoft Technet "Manage Send As Permissions for a Mailbox" web page here: http://technet.microsoft.com/en-us/library/bb676368.aspx

So have added the two permissions you need to do this:

Organization Management

Recipient Management

But that is not helping. Any ideas?

Update

If I do the following:

  • open up "AD Users & Computers" with the "Advanced Features" view
  • Go to the properties of User1
  • Hit "Advanced" on the Security tab
  • Select "Add"
  • enter in "User2" and select "Send As" Allow

That works, if I close ADUaC and open it up again and re-check those new permissions they are still there. If I return about 10 minutes later those permissions are now gone - user2 does not show up in the security permissions of user1 at all.

Don't think I've ever seen this kind of AD behaviour before.


Source: (StackOverflow)

Recipient receives mail not addressed to them

I have a very bizarre set of circumstances. One of my staff received an e-mail addressed to me from a consultant, however this consultant would have no idea who this staff is or their e-mail address. I also received the e-mail, however it's quite concerning to me that something like this might happen.

Points worth noting

  • The anti-spam logs do NOT show my colleague getting the mail, but show me getting the mail.
  • The Exchange Tracking Logs show both of us getting it (they are bizarre though - more on that below)
  • This is a lone exchange server that serves CAS, HT and MB roles
  • Server is up-to-date with updates and service packs
  • Spam filtering is done with Exchange Server Toolbox V4
  • There are no delegate permissions or forwarding rules on either of our accounts

Below is the scrubbed message tracking log - the peculiar thing is that I am the correct recipient, however that e-mail arrives one minute after the incorrect one. You'll also note that the two Client IPs, Client Hostnames, Server hostnames and return paths are completely different - as if they've come from two different people.

Timestamp   ClientIp    ClientHostname  ServerIp    ServerHostname  SourceContext   EventId InternalMessageId   MessageId   TotalBytes  RecipientCount  MessageSubject  Sender  ReturnPath
07/09/2013 11:40    2.2.2.2 different.sending.server.com    10.0.0.7    postmaster  08D04A67B764B4DB;2013-07-09T15:40:26.336Z;0 RECEIVE 253201  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 8882    1   RE: Server Down?    sender@domain.com   wrongemail@differentdomain.com
07/09/2013 11:40        myserver        MYSERVER    08D04A67B764B4E9;2013-07-09T15:40:54.377Z;0 DELIVER 253201  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9212    1   RE: Server Down?    sender@domain.com   wrongemail@differentdomain.com
07/09/2013 11:41    1.1.1.1 correct.sending.server.com  10.0.0.7    postmaster  08D04A67B764B4E2;2013-07-09T15:40:42.088Z;0 RECEIVE 253207  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9437    1   RE: Server Down?    sender@domain.com   sender@domain.com
07/09/2013 11:41        myserver        MYSERVER    08D04A67B764B4EF;2013-07-09T15:41:18.790Z;0 DELIVER 253207  <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local> 9767    1   RE: Server Down?    sender@domain.com   sender@domain.com

Does anyone know what might cause this??

EDIT : Sanitized logs of e-mail sent to my colleague

X-Process: ESTProcessDone
Received: from hub023-ca-3.exch023.serverdata.net (1.1.1.1) by
myserver.mydomain.com (10.0.0.7) with Microsoft SMTP Server (TLS) id
14.3.123.3; Tue, 9 Jul 2013 11:40:42 -0400
Received: from MBX023-W1-CA-10.exch023.domain.local ([10.254.8.60]) by
HUB023-CA-3.exch023.domain.local ([10.254.8.36]) with mapi id 14.03.0123.003;
Tue, 9 Jul 2013 08:40:41 -0700
From: sender <sender@domain.com>
To: Me <me@mydomain.com>
Subject: RE: Server Down?
Thread-Topic: Server Down?
Thread-Index: Ac58tY3CMo8EMLUTR3OVT6VTqv9MowAApWDwAACb9EA=
Date: Tue, 9 Jul 2013 15:40:41 +0000
Message-ID: <6FC8422858D3E0419323DB54F887D2CC390F0BF9@mbx023-w1-ca-10.exch023.domain.local>
References: <6FC8422858D3E0419323DB54F887D2CC390F0B9B@mbx023-w1-ca-10.exch023.domain.local>
<DA59270178440942B362BC622B47E790036E3E4C@myserver.mydomain.com>
In-Reply-To: <DA59270178440942B362BC622B47E790036E3E4C@myserver.mydomain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [3.3.3.3]
Content-Type: multipart/alternative;
                boundary="_000_6FC8422858D3E0419323DB54F887D2CC390F0BF9mbx023w1ca10exc_"
MIME-Version: 1.0
Return-Path: sender@domain.com
X-MS-Exchange-Organization-AuthSource: myserver.mydomain.com
X-MS-Exchange-Organization-AuthAs: Anonymous

EDIT 2 :

After reviewing the anti-spam logs it looks as though my colleague had an e-mail arrive to her at the exact time the incorrect one was delivered to her. The aforementioned e-mail is from the same person / IP address that shows up in "different.sending.server" and "2.2.2.2" Client IP Address.

My colleague never received the e-mail listed above but instead received the one addressed to me.


Source: (StackOverflow)
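
The pattern in the tracking log above (one MessageId received twice, from different client IPs and with different return paths) can be searched for across a whole log. The following is an added example, not part of the original post; its CSV rows are constructed to mirror the scrubbed log, and the function name `Find-MessageIdCollision` is hypothetical.

```powershell
# Added example. The rows below are constructed sample data modelled on the
# scrubbed log in the post; the MessageId values are placeholders.
$csv = @'
Timestamp,ClientIp,ClientHostname,EventId,InternalMessageId,MessageId,ReturnPath
2013-07-09T15:40:26Z,2.2.2.2,different.sending.server.com,RECEIVE,253201,<MSG-A@mbx.example>,wrongemail@differentdomain.com
2013-07-09T15:40:54Z,,myserver,DELIVER,253201,<MSG-A@mbx.example>,wrongemail@differentdomain.com
2013-07-09T15:40:42Z,1.1.1.1,correct.sending.server.com,RECEIVE,253207,<MSG-A@mbx.example>,sender@domain.com
2013-07-09T15:41:18Z,,myserver,DELIVER,253207,<MSG-A@mbx.example>,sender@domain.com
2013-07-09T15:45:00Z,1.1.1.1,correct.sending.server.com,RECEIVE,253210,<MSG-B@mbx.example>,sender@domain.com
'@

function Find-MessageIdCollision {
    param([object[]]$Rows)

    # Only RECEIVE events carry the submitting client's IP; DELIVER rows are ignored.
    $Rows | Where-Object { $_.EventId -eq 'RECEIVE' } |
        Group-Object -Property MessageId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $ips   = @($_.Group | ForEach-Object { $_.ClientIp }   | Sort-Object -Unique)
            $paths = @($_.Group | ForEach-Object { $_.ReturnPath } | Sort-Object -Unique)

            # A resend from the same host with the same return path is not reported.
            if ($ips.Count -gt 1 -or $paths.Count -gt 1) {
                New-Object PSObject -Property @{
                    MessageId          = $_.Name
                    InternalMessageIds = @($_.Group | ForEach-Object { $_.InternalMessageId }) -join ','
                    ClientIps          = $ips -join ','
                    ReturnPaths        = $paths -join ','
                }
            }
        }
}

# Reports <MSG-A@mbx.example> (two client IPs, two return paths); <MSG-B@...> is not reported.
Find-MessageIdCollision -Rows ($csv | ConvertFrom-Csv) | Format-List
```

Against a live server the same function can be fed from `Get-MessageTrackingLog -EventId RECEIVE -ResultSize Unlimited`, whose output objects carry these property names.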

Find users that are auto forwarding / redirecting their email in Exchange 2010 using Powershell

We are using Live@edu, which is essentially hosted exchange server with some additional features and limitations to work around, and I'm trying to find everybody that is forwarding or redirecting emails from their accounts.

I am trying to remove old accounts that have not been used, but we have instructions for users on redirecting emails, so we should expect that some users are indeed redirecting their emails, which will make their last login/logoff times not reflect whether they are indeed using auto forwarding or auto redirecting rules.

How could I find a list of users with forwarding or redirection rules using Exchange 2010 Powershell Cmdlets?

/EDIT: It may be sufficient for my purposes to find whether there are ANY server side rules, regardless of whether the rule forwards/redirects or does some other action.


Source: (StackOverflow)

Exchange 2010 - Need to gather emails for a court subpoena

We've been subpoenaed to send all emails exchanged with a couple different individuals for a court case.

How would I go about doing this in an Exchange 2010 environment?


Source: (StackOverflow)

Export GFI MailArchiver e-mails for import into Exchange 2010 SP1 Personal Archiving

We have an existing installation of GFI MailArchiver 5 with several databases of archives (perhaps 100-150GB). The goal is to export each user's archived e-mail and then import it into Exchange 2010 SP1 Personal Archives. GFI has a tool to do this, but it's very rudimentary and has severe, frankly unworkable, limitations. It only allows me to query based on the e-mail headers. Due to the fact that we have multiple aliases that may show in multiple headers (To:, Cc:), not to mention the fact that this won't cover a user's membership in a distribution group at a given point in time, this tool will not suffice.

Another option is for me to extract the e-mails from the GFI databases without using the tool, but this would require me to write my own tool to reconstruct them and I really would rather not go down that path.

I feel very stuck on this issue. Has anyone here done a similar migration? How can this best be handled?


Source: (StackOverflow)